MiracleLinux 8 : vim-8.0.1763-16.el8.4 (AXSA:2022-3035:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3035:01 advisory. vim: heap-based buffer overflow in winredrstatus in drawscreen.c CVE-2021-3872 vim: illegal memory access in findstartbrace in cindent.c when...

Stack-based Buffer Overflow

vim is vulnerable to stack-based buffer overflow. The vulnerability exists in winredrruler function of drawscreen.c because of using a negative array index with a negative width window which allows an attacker to trick a user into opening a specially malicious file causing an application to crash...

vim: heap-based buffer overflow in win_redr_status() in drawscreen.c

An out-of-bounds write flaw was found in vim's drawscreen.c winredrstatus function. This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, a...

Heap-based Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow. The vulnerability exists in winredrstatus in drawscreen.c because the length of the NameBuff hasn't been checked when appending a space which leads to a buffer overflow...